Providing OS X Upgrades via Casper’s Self Service

To help the folks in my shop keep their Macs updated to the latest version of OS X, I’ve been providing a Self Service-driven OS upgrade option via Casper for the past couple of years. For a high-level overview, here’s how the process looks for El Capitan from my folks’ perspective.

1. Launch Casper’s Self Service application.

2. Locate the El Capitan Upgrade option

3. Click on the Install OS X button.

4. In the next window that pops up, they’re given important information about the OS upgrade and need to click again on the Install OS X button.

If their Mac does not have sufficient free space available available on their boot drive, they receive a warning message and the upgrade process stops at this point.

If their Mac’s boot drive has sufficient free space available, they receive a message that OS X 10.11.x is downloading and preparing for installation. Once all preparations are complete, their Mac will automatically reboot to begin the installation process.

5. Once the Mac reboots, the OS upgrade process runs. Once completed, the Mac reboots.

6. Following the reboot, an automated post-upgrade process runs. This process will update the Mac with all available Apple updates along with applying my shop’s preferred settings for the new version of OS X.

Note:This process may involve several reboots, depending on what Apple updates are needed. Once the post-upgrade process completes, the Mac will reboot again.

7. Following the reboot, the Mac will boot to the login window. At this point, the OS upgrade process has been completed and it is OK to log in and begin working again.

To see how I’ve set up this workflow using Casper and other tools, please see below the jump.

The OS X upgrade method that I’m using leverages createOSXinstallPkg, which is a tool that allows you to create an installer package from Apple’s OS X installers. The resulting installer package can be used in the following ways:

Installing OS X on an empty partition

Upgrading existing OS X installations to a newer version of the OS X

You can use createOSXinstallPkg to build an OS X installer which installs a stock copy of that version of OS X. However, you can also use createOSXinstallPkg to add your own packages to a createOSXinstallPkg-built OS X installer. This is important from my point of view because this ability allows me to add a package which can run various tasks during the first time the Mac boots following the OS upgrade’s completion, including the previously-mentioned automated Apple software update check and application of my shop’s preferred settings.

Preparing installers for use with First Boot Package Install Generator.app

1. Set up a folder to hold your installers.

Note:createOSXinstallPkg has an upper limit of 350 MBs of available space for added packages, though this can vary per OS X version. This is sufficient space for basic configuration, payload-free or bootstrapping packages, but it’s not a good idea to add Microsoft Office or similar large installers to this installer.

2. Create numbered directories inside that folder, with 00 being the first and proceeding on to as many as you need. For numbers less than 10, make sure to label the directory with a leading zero (For example, 06).

3. Add one installer package to each numbered directory. The number of the directory indicates the install order, with 00 being the first.

Note:If installing more than 100 packages, be aware that this was beyond the scope of my testing. I recommend adding another leading zero where appropriate.

4. Once finished adding installers to the numbered directories, use First Boot Package Install Generator.app to generate a first boot installer package.

Creating the firstboot package using First Boot Package Install Generator.app

2. Once downloaded and installed, double-click on the First Boot Package Install Generator application. You’ll be prompted to select the directory that contains the installers you want to have installed at first boot.

3. Once you’ve selected the folder with your installers, you’ll be prompted to name the installer package. By default, the name filled in will be First Boot Package Install, but this name can be changed as desired.

4. Once you’ve entered a name for the installer package, you’ll be prompted for a package identifier. By default, the name filled in will be com.github.first_boot, but this name should be changed to be something unique.

5. Once you’ve entered an identifier for the installer package, you’ll be prompted for a version number. By default, the value filled in will be 1.0, but this value can be changed as needed.

6. You will be prompted to choose if you want to have all available Apple software updates applied before your packages are installed. Choose Yes or No as appropriate.

7. Once the package name, package identifier, package version and software update choice have been set, First Boot Package Install Generator.app will prompt for an administrator’s username and password.

8. Once the admin username and password are provided, First Boot Package Install Generator.app will create the installer package and prompt you when it’s finished.

9. Click OK at the prompt and a new Finder window will open and display the newly-created first boot installer package.

10. Once the new package has been displayed, First Boot Package Install Generator.app will automatically exit. The package is now ready for use.

$4 – The amount of free space you want to require on the boot drive before the OS upgrade can proceed.

$5 – the version number of the OS that is being upgraded to. For example, 10.11.

The reason I wrote a script to manage the OS upgrade process, as opposed to just installing the OS X installer package, is that I wanted to accomplish several things, but still ensure my users only had to deal with clicking the Install OS X button in Self Service.

Goals:

Make sure the Mac has enough free space available for an OS upgrade, plus a little extra for insurance.

Make sure that encrypted Macs were able to stop at the OS login window (to ensure that the post-upgrade processes I included would run normally.)

Do everything possible to make sure that the OS installer could be run successfully.

Goal 1

I’ve set a minimum amount of free space available on the Mac being upgraded, which on my Casper server is configured to be 40 GBs (this is defined by the $4 parameter for the script.) This allows for the 8.8 GBs of free space needed as a bare minimum for OS X El Capitan’s system requirements, the 6 GBs of space taken up by the createOSXinstallPkg-built OS X installer package, then a generous safety margin.

To enforce this, the script checks the Mac being upgraded for the actual amount of free space available and compares it against the value which I’ve set as the minimum amount of free space available. The part of the script that handles this is linked below:

If a Mac does not have the specified amount of free space, a message appears to let them know that they need to have X amount of space to install the OS using Self Service and they have an amount of free space which is less than X. The part of the script that handles this is linked below:

To help make sure that both encrypted and not-encrypted Macs will stop at the OS login window for the running of the post-upgrade process, the script will check to see if the Mac is encrypted or isn’t. If it is, a setting is added to /Library/Preferences/com.apple.loginwindow.plist to disable FileVault 2’s automatic login. The part of the script that handles this is linked below:

As part of my post-upgrade process, I have a script that re-enables FileVault 2’s automatic login.

Goal 3

Once the script has gotten past the check for free space and the encryption check, a message appears to let the user know that the installer is downloading and that the Mac will automatically restart to begin the OS upgrade process.

The parts of the script that handles these functions are linked below:

At that point, it downloads and caches the installer using the cache-elcapitan-installer policy. This is to ensure that all the parts of the OS installer downloaded properly before proceeding with the installation process. The part of the script that handles this is linked below:

Once the cache-elcapitan-installer policy has completed, the run-elcapitan-installer policy runs and installs the cached installer. If the cached installer isn’t found, the policy fails but otherwise won’t cause problems. The part of the script that handles this is linked below:

Like this:

Related

Very nice post! Personally, i like putting a payload-free pkg in my First Boot Package, calling a policy with a custom trigger from the postinstall-script, to take care of post-upgrade tasks. This way i don’t have to keep rebuilding the First Boot Package and the createOSXinstallPkg when there is a change, instead i can adjust it directly in the policy. One can also get around the 350MB limitation with this if that’s a problem for anyone.

This is great, Rich! Thank you so much. How would you go about adding your 10.11 first_boot.sh and LaunchDaemon into the equation here? It doesn’t appear to work when packaging as a .pkg through Composer and adding a DMG to folder 00 doesn’t seem to do it either. Thoughts?

One improvement I am interested is concerning how Self Service appears front and center after the upgrade is complete. And for a brief time, it still displays the “El Capitan Upgrade” until a recon and a refresh of Self Service takes place. Is it possible to close the Self Service application by way of the self_service_elcapitan_os_install.sh script and before the reboot is issued on line 47?

I believe the “shutdown -r now” command was causing the script to terminate abruptly. Changed to “shutdown -r +1” and it seems to give the script and policy ample time to complete. After the upgrade the “El Capitan Upgrade” entry is removed from self-service. It also lets the “El Capitan Upgrade” policy exit properly and the policy logs are recorded.

I am getting this error with the upgrade to 10.12.
Installation failed. The installer reported: installer: Error – This version of macOS 10.12 cannot be installed on this computer.
Blessing in-place OS upgrade directory…
Mounting install DMGs…
Creating Reboot Script…
It reboots to the OS that is already on there.